ISIS Sympathizers Defacing and Exploiting WordPress Sites, FBI Warns

Individuals sympathetic to the Islamic State in the Levant (ISIL), a.k.a. the Islamic State of Iraq and al-Shams (ISIS), are disrupting the operations of various WordPress sites, the FBI Internet Crime Complaint Center announced on Tuesday. They are not members of the organization, but may be using the name to gain notoriety in their attacks.

The FBI announced that previously known vulnerabilities in WordPress plug-ins were exploited to deface the sites. Specific websites were not named and no in-depth technical analysis was included.

The perpetrators are relatively unsophisticated compared with typical attackers. They were reportedly using unsophisticated methods to exploit technical vulnerabilities, and the defaced sites share common WordPress plug-in vulnerabilities that are easily exploited with commonly available hacking tools.

Security researchers noted that outdated versions of the RevSlider (4.2), GravityForms (v1.8.2), FancyBox, WP Symposium, and MailPoet plug-ins were among those currently being exploited.

In a blog post, security journalist Brian Krebs noted that this announcement comes on the heels of another FBI public alert, which, though unrelated to ISIS sympathizers, concerns attacks similarly driven by ideology: extremist hacking groups reportedly recruiting participants to target Israeli and Jewish Web sites for the second anniversary of the #OpIsrael operation.

Political Motivations, Real Consequences

Ideologies have always been strong motivators for cyber aggression, even more so when those involved are driven by real-world events. Since cyberspace is a venue that coddles all users, regardless of their affiliations, politically motivated attacks using online threats have become a common scenario.

Individuals or groups driven by political beliefs or advocacies may resort to using web threats to put their enemies down. In this case, a popular web platform used by the majority of high-traffic sites can be very dangerous for those who use and access those sites.

“Successful exploitation of the vulnerabilities could result in an attacker gaining unauthorized access, bypassing security restrictions, injecting scripts, and stealing cookies from computer systems or network servers. An attacker could install malicious software; manipulate data; or create new accounts with full user privileges for future Web site exploitation,” warns the FBI.

In a way, web defacements and attacks of this nature can contribute to tarnishing the reputation of organizations, hamper internal operations, and cause the loss of valuable resources.

In January, a hacker group reported to have hacked the United States Central Command (USCENTCOM or CENTCOM) Twitter and YouTube accounts was able to redirect Malaysia Airlines (MAS) website visitors via a “DNS spoofing attack.” This may have been distressing for customers of the airline who needed to check their flights.
